Summary and recommendation
Datadog supports native SCIM 2.0 provisioning, but only for Infrastructure Pro ($15-$18/host/month) or Enterprise ($23-$27/host/month) plans. Teams on the free tier or basic plans can't access automated provisioning at all. Additionally, Datadog's SCIM has a critical limitation: team provisioning via Microsoft Entra is completely broken due to a Microsoft security freeze that has blocked third-party app updates since late 2024.
This creates a significant gap for DevOps teams using Entra as their identity provider. While you can provision users automatically, team assignments—which control access to specific dashboards, alerts, and monitoring data—must be managed manually. For fast-growing engineering teams who need immediate access to production monitoring, this defeats the purpose of automation and creates security risks when engineers don't get proper access controls.
The pricing barrier compounds the problem. Moving from Datadog's free tier to Pro just for SCIM access can cost $15-$18 per monitored host per month. For a team monitoring 50 hosts, that's $9,000-$10,800/year in additional licensing costs primarily to unlock provisioning features.
The strategic alternative
Stitchflow provides SCIM-level provisioning through resilient browser automation for Datadog without the plan upgrade requirement. Works with any Datadog tier and any IdP, including full team provisioning support for Entra environments. Flat pricing under $5K/year regardless of your infrastructure size.
Quick SCIM facts
| SCIM available? | Yes |
| SCIM tier required | Enterprise |
| SSO required first? | Yes |
| SSO available? | Yes |
| SSO protocol | SAML 2.0 |
| Documentation | Official docs |
Supported identity providers
| IdP | SSO | SCIM | Notes |
|---|---|---|---|
| Okta | ✓ | ✓ | OIN app with full provisioning |
| Microsoft Entra ID | ✓ | ✓ | Gallery app with SCIM |
| Google Workspace | ✓ | JIT only | SAML SSO with just-in-time provisioning |
| OneLogin | ✓ | ✓ | Supported |
The cost of not automating
Without SCIM (or an alternative like Stitchflow), your IT team manages Datadog accounts manually. Here's what that costs:
The Datadog pricing problem
Datadog gates SCIM provisioning behind premium plans, forcing significant cost increases for basic user management.
Plan Structure (Host-based pricing, annual billing)
| Plan | Price | SSO | SCIM |
|---|---|---|---|
| Free | $0 (5 hosts max) | ||
| Infrastructure Pro | $15/host/month | ||
| Infrastructure Enterprise | $23/host/month |
Note: SCIM supports both user and team provisioning. Additional products like APM ($31-40/host/month), DevSecOps Pro ($22/host/month), and Log Management ($0.10/GB) stack on top of base infrastructure pricing.
What this means in practice
Using current list prices (Free → Infrastructure Pro for SCIM access):
| Infrastructure Size | Annual Cost for Pro Tier |
|---|---|
| 25 hosts | $4,500/year |
| 50 hosts | $9,000/year |
| 100 hosts | $18,000/year |
| 200 hosts | $36,000/year |
Calculation: $15 × hosts × 12 months (before any additional product costs)
Additional constraints
Summary of challenges
- Datadog supports SCIM but only at Enterprise tier (custom pricing)
- Google Workspace users get JIT provisioning only, not full SCIM
- Our research shows teams manually provisioning this app spend significant hidden costs annually
What the upgrade actually includes
Datadog doesn't sell SCIM separately. It's bundled into Infrastructure Pro or Enterprise plans starting at $15-23/host/month:
The challenge: you're paying for infrastructure monitoring capacity (per host) when you might only need identity management. A 100-person engineering team could easily hit $1,500-2,300/month just for user provisioning access, plus the actual monitoring costs.
Stitchflow Insight
We estimate ~60% of Infrastructure Pro/Enterprise features are monitoring-specific and irrelevant for teams that only need automated user provisioning. You're essentially buying observability platform access to get basic identity automation.
What IT admins are saying
Community sentiment on Datadog's SCIM implementation reveals significant frustration with platform-specific limitations and pricing barriers. Common complaints:
- Being locked out of SCIM unless on Infrastructure Pro or Enterprise plans
- Team provisioning completely broken on Microsoft Entra due to security freezes
- Having to disable SAML JIT provisioning to avoid conflicts with SCIM
- Enterprise-level complexity for basic identity management needs
Team provisioning via Entra SCIM is unavailable due to Microsoft freeze - we're stuck managing teams manually or using workarounds like Terraform.
You have to disable JIT when using SCIM to avoid discrepancies. So much for seamless integration.
The recurring theme
Datadog's SCIM feels like an afterthought with platform-specific breakdowns and configuration conflicts that force admins into manual workarounds for basic provisioning tasks.
The decision
| Your Situation | Recommendation |
|---|---|
| On Infrastructure Standard, need SCIM | Use Stitchflow: avoid the $15-23/host/month Pro/Enterprise upgrade |
| On Infrastructure Pro/Enterprise already | Use native SCIM: you're paying for it and it works well |
| Using Entra ID, need team provisioning | Use Stitchflow: Entra team sync is broken due to Microsoft freeze |
| Fast-growing DevOps team, need rapid onboarding | Use Stitchflow: ensures engineers get monitoring access immediately |
| Small, stable engineering team | Manual may work: but observability data sensitivity makes SCIM worthwhile |
The bottom line
Datadog's SCIM requires Infrastructure Pro or Enterprise plans ($15-23/host/month), which can add $18K-$30K+ annually for mid-sized teams. For organizations on Standard plans or dealing with Entra's broken team provisioning, Stitchflow delivers full automation at <$5K/year flat pricing.
Automate Datadog without the tier upgrade
Stitchflow delivers SCIM-level provisioning through resilient browser automation, backed by 24/7 human in the loop for Datadog at <$5K/year, flat, regardless of team size.
Technical specifications
SCIM Version
2.0
Supported Operations
Create, Update, Deactivate, Groups
Supported Attributes
Not specifiedPlan requirement
Enterprise
Prerequisites
SSO must be configured first
Key limitations
- SCIM only in Infrastructure Pro or Enterprise plans
- Strongly recommend disabling SAML JIT when using SCIM
- Team provisioning via Entra SCIM unavailable due to Microsoft freeze (late 2024 security incident)
- Service account application key recommended for SCIM
Configuration for Okta
Integration type
Okta Integration Network (OIN) app with SCIM provisioning
Prerequisite
SSO must be configured before enabling SCIM.
Where to enable
Required credentials
SCIM endpoint URL and bearer token (generated in app admin console).
Configuration steps
Enable Create Users, Update User Attributes, and Deactivate Users.
Provisioning trigger
Okta provisions based on app assignments (users or groups).
SCIM 2.0 for user and team (Managed Teams) provisioning. Recommend service account application key. Team sync via push groups with exact name matching. Aquera connector also available.
Native SCIM is available on Enterprise. Use Stitchflow if you need provisioning without the tier upgrade.
Configuration for Entra ID
Integration type
Microsoft Entra Gallery app with SCIM provisioning
Prerequisite
SSO must be configured before enabling SCIM.
Where to enable
Required credentials
Tenant URL (SCIM endpoint) and Secret token (bearer token from app admin console).
Configuration steps
Set Provisioning Mode = Automatic, configure SCIM connection.
Provisioning trigger
Entra provisions based on user/group assignments to the enterprise app.
Sync behavior
Entra provisioning runs on a scheduled cycle (typically every 40 minutes).
SCIM 2.0 for user provisioning. Team provisioning unavailable due to Microsoft freeze on third-party app updates (late 2024 security incident). Use SAML mapping or Terraform for teams.
Native SCIM is available on Enterprise. Use Stitchflow if you need provisioning without the tier upgrade.
Unlock SCIM for
Datadog
Datadog gates automation behind Infrastructure Pro or Enterprise plan. Stitchflow delivers the same SCIM outcomes for a flat fee.
See how it works
